1/* $NetBSD: readpass.c,v 1.2 2009/06/07 22:38:47 christos Exp $ */ 2/* $OpenBSD: readpass.c,v 1.48 2010/12/15 00:49:27 djm Exp $ */ 3/* 4 * Copyright (c) 2001 Markus Friedl. All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 */ 26 27#include "includes.h" 28__RCSID("$NetBSD: readpass.c,v 1.2 2009/06/07 22:38:47 christos Exp $"); 29#include <sys/types.h> 30#include <sys/wait.h> 31 32#include <errno.h> 33#include <fcntl.h> 34#include <paths.h> 35#include <readpassphrase.h> 36#include <signal.h> 37#include <stdarg.h> 38#include <stdio.h> 39#include <stdlib.h> 40#include <string.h> 41#include <unistd.h> 42 43#include "xmalloc.h" 44#include "misc.h" 45#include "pathnames.h" 46#include "log.h" 47#include "ssh.h" 48#include "uidswap.h" 49 50static char * 51ssh_askpass(const char *askpass, const char *msg) 52{ 53 pid_t pid, ret; 54 size_t len; 55 char *pass; 56 int p[2], status; 57 char buf[1024]; 58 void (*osigchld)(int); 59 60 if (fflush(stdout) != 0) 61 error("ssh_askpass: fflush: %s", strerror(errno)); 62 if (askpass == NULL) 63 fatal("internal error: askpass undefined"); 64 if (pipe(p) < 0) { 65 error("ssh_askpass: pipe: %s", strerror(errno)); 66 return NULL; 67 } 68 osigchld = signal(SIGCHLD, SIG_DFL); 69 if ((pid = fork()) < 0) { 70 error("ssh_askpass: fork: %s", strerror(errno)); 71 signal(SIGCHLD, osigchld); 72 return NULL; 73 } 74 if (pid == 0) { 75 permanently_drop_suid(getuid()); 76 close(p[0]); 77 if (dup2(p[1], STDOUT_FILENO) < 0) 78 fatal("ssh_askpass: dup2: %s", strerror(errno)); 79 execlp(askpass, askpass, msg, (char *) 0); 80 fatal("ssh_askpass: exec(%s): %s", askpass, strerror(errno)); 81 } 82 close(p[1]); 83 84 len = 0; 85 do { 86 ssize_t r = read(p[0], buf + len, sizeof(buf) - 1 - len); 87 88 if (r == -1 && errno == EINTR) 89 continue; 90 if (r <= 0) 91 break; 92 len += r; 93 } while (sizeof(buf) - 1 - len > 0); 94 buf[len] = '\0'; 95 96 close(p[0]); 97 while ((ret = waitpid(pid, &status, 0)) < 0) 98 if (errno != EINTR) 99 break; 100 signal(SIGCHLD, osigchld); 101 if (ret == -1 || !WIFEXITED(status) || WEXITSTATUS(status) != 0) { 102 memset(buf, 0, sizeof(buf)); 103 return NULL; 104 } 105 106 buf[strcspn(buf, "\r\n")] = '\0'; 107 pass = xstrdup(buf); 108 memset(buf, 0, sizeof(buf)); 109 return pass; 110} 111 112/* 113 * Reads a passphrase from /dev/tty with echo turned off/on. Returns the 114 * passphrase (allocated with xmalloc). Exits if EOF is encountered. If 115 * RP_ALLOW_STDIN is set, the passphrase will be read from stdin if no 116 * tty is available 117 */ 118char * 119read_passphrase(const char *prompt, int flags) 120{ 121 const char *askpass = NULL; 122 char *ret, buf[1024]; 123 int rppflags, use_askpass = 0, ttyfd; 124 125 rppflags = (flags & RP_ECHO) ? RPP_ECHO_ON : RPP_ECHO_OFF; 126 if (flags & RP_USE_ASKPASS) 127 use_askpass = 1; 128 else if (flags & RP_ALLOW_STDIN) { 129 if (!isatty(STDIN_FILENO)) { 130 debug("read_passphrase: stdin is not a tty"); 131 use_askpass = 1; 132 } 133 } else { 134 rppflags |= RPP_REQUIRE_TTY; 135 ttyfd = open(_PATH_TTY, O_RDWR); 136 if (ttyfd >= 0) 137 close(ttyfd); 138 else { 139 debug("read_passphrase: can't open %s: %s", _PATH_TTY, 140 strerror(errno)); 141 use_askpass = 1; 142 } 143 } 144 145 if ((flags & RP_USE_ASKPASS) && getenv("DISPLAY") == NULL) 146 return (flags & RP_ALLOW_EOF) ? NULL : xstrdup(""); 147 148 if (use_askpass && getenv("DISPLAY")) { 149 if (getenv(SSH_ASKPASS_ENV)) 150 askpass = getenv(SSH_ASKPASS_ENV); 151 else 152 askpass = _PATH_SSH_ASKPASS_DEFAULT; 153 if ((ret = ssh_askpass(askpass, prompt)) == NULL) 154 if (!(flags & RP_ALLOW_EOF)) 155 return xstrdup(""); 156 return ret; 157 } 158 159 if (readpassphrase(prompt, buf, sizeof buf, rppflags) == NULL) { 160 if (flags & RP_ALLOW_EOF) 161 return NULL; 162 return xstrdup(""); 163 } 164 165 ret = xstrdup(buf); 166 memset(buf, 'x', sizeof buf); 167 return ret; 168} 169 170int 171ask_permission(const char *fmt, ...) 172{ 173 va_list args; 174 char *p, prompt[1024]; 175 int allowed = 0; 176 177 va_start(args, fmt); 178 vsnprintf(prompt, sizeof(prompt), fmt, args); 179 va_end(args); 180 181 p = read_passphrase(prompt, RP_USE_ASKPASS|RP_ALLOW_EOF); 182 if (p != NULL) { 183 /* 184 * Accept empty responses and responses consisting 185 * of the word "yes" as affirmative. 186 */ 187 if (*p == '\0' || *p == '\n' || 188 strcasecmp(p, "yes") == 0) 189 allowed = 1; 190 xfree(p); 191 } 192 193 return (allowed); 194} 195